At a seminar presented by quality consultant Kathy Roberts last summer, one of the attendees stood up to share his ISO story. Although his company was registered to ISO 9001, it had done the bare minimum to achieve certification. As the designated management representative, he was obviously frustrated. For the requisite management-review meetings, for example, executives of his company routinely excused themselves halfway through. They knew that their attendance would be documented in the minutes, and the company would meet its obligation in the next surveillance audit. This type of wasteful shadow system, in which the quality-management system remains disconnected from the overall management of the company, is not what the original framers of the ISO 9000 series had in mind. But it's what prevails at a fair number of the 400,000 companies worldwide that are registered to ISO 9001, 9002, or 9003, experts say. That disconnect could make the transition to the new ISO 9001:2000 difficult. "For those companies that unfortunately used [ISO] as a certificate on the wall, [ISO9001:2000] is going to be much more challenging because the executive team has to question how they are running their business, and take more of a hands-on approach," says Roberts, who coauthored ISO 9001:2000 Management Responsibility in a Nutshell, to be published in March by Paton Press. New Standards Structure On Dec. 15, 2000, the International Organization for Standardization (ISO), Geneva, released final versions of the revised quality-management-system standards and guidelines (ISO 9000:2000, ISO 9001:2000, ISO 9004:2000). In their structure and organization the new documents bear little resemblance to the current standards, last updated in 1994. The old version's 20-element structure has been abandoned. Specific requirements for 18 documented procedures have been reduced to six. The language is simpler; the text follows an outline rather than paragraph style; and ISO 9002 and 9003 have been eliminated. The new standard is build on a theoretical foundation of eight principles (see Quality Management Principles) and follows a process-based approach to quality management that is intended to align the standard more with the way a business is actually run -- planning, acting, analyzing results, and making improvements -- rather than offering a random list of procedures. "People should have quality systems that reflect, and are documented in a way that reflect, the way they really operate, rather than some arbitrary structure of 20 sections in a manual," notes Jack West, lead U.S. delegate to the ISO committee that oversees the development of the ISO 9000 family of standards. West adds that while understanding customer requirements was in the 1994 version of the ISO 9000 series, the goal of a customer-focused organization now has been stated more explicitly with specific requirements for measuring and tracking customer satisfaction. Provisions for continuous improvement also have been added. Companies seeking registration will need to show how they use customer feedback to set clear performance objectives, and the processes they have in place to track progress toward those targets. As different as the new standard appears, those close to its development describe the changes as more philosophical than practical. For companies that embraced the intent as well as the letter of ISO 9000:1994, meeting the conditions of the 2000 standard won't be tremendously difficult. Although it's not mandatory, most of these companies will choose to reorganize their quality manual to conform to the new document, which will involve some paperwork, and they'll have to train their employees in the new requirements. They may even have to add a few procedures. But for companies whose management never really made a commitment, upgrading to ISO 9001: 2000 will require a lot of work, more work, perhaps, than many will be prepared to undertake. "The new standard triples the requirements for senior management," says Anthony Fletcher, director of operations, Eagle Group USA Inc., a Troy, Mich., ISO 9000 training and consulting firm. "Depending on the culture and management team that a company has, some will take [the changes] on board and make the transition. Others are going to struggle with it. It's going to be against their culture and style." In practice, upper management often has delegated responsibility for ISO 9000 compliance to their quality personnel. Under ISO 9001:2000, in addition to communicating the organization's quality policy and objectives, executives will have to show that they have communicated the importance of meeting customer, regulatory, and legal requirements. Top management will be expected to ensure that customer requirements are understood and met throughout the company, to participate in a more rigorously defined management review process, and to allocate adequate resources, from facility needs to training, to the quality-management system. This means that when the auditors arrive at the plant, their first step won't be checking the quality manual for the necessary documentation; it will be a visit to the executive suite. "What we're trying to do now is follow the way a company's internal [business] processes actually work," says Gary Minks, audit manager, TV Management Service, an ISO 9000 registrar in Danvers, Mass. "We're tailoring our audit plan to fit the way an organization actually conducts its business, fitting into that the requirements of the new standard. How they define their processes internally is basically how we'll follow the audit trail." Auditors' Role Based on early experience, auditors will be spending more time talking to people and less time wading through records. They are going to be working much more closely with their clients to fully understand their business processes. Much of this background work will need to be done before the auditors arrive on site. With fewer specific procedures to check, auditors will be challenged to interpret the requirements and determine whether an organization's systems meet the standard's intentions. Once a particular item is recognized as meeting a requirement, auditors are going to have to record that information for future surveillance audits. To some extent, manufacturers will be at the mercy of their registrars, even more than under the present standard. The concern is whether they interpret the standard's requirements in a manner that is fair, flexible, and reasonable. For this reason, the whole audit process is going to require a higher-caliber auditor who will be able to understand and follow a company's management processes, rather than simply tick off items on a checklist. For guidance, auditors will be using the ISO 9000:2000 document itself. It provides the vocabulary used in ISO 9001:2000, the document to which companies can be certified. For example, under corrective action the standard says, "You will review actions taken." What does that mean? "Look up 'review' in the vocabulary and it includes 'verification of effectiveness,'" notes Minks. "That's very specific. So what the organization needs to do is verify the effectiveness of the corrective action that they implemented -- how well that action prevents the recurrence of the problem." A few manufacturers already have been audited to ISO 9001:2000 and achieved certification. The Lockheed Martin Corp. facility in Manassas, Va., began the process in May 1999, when managers attended a presentation, along with their registrar, covering the proposed changes in one of the standard's early committee drafts. According to Paul Shimp, site TQM coordinator at the 1,800-person plant, the facility had to update a number of procedures, including its documentation and internal-audit-procedures, as well as the management-review process. To meet some of the new requirements, Lockheed Martin added some metrics to its quality-management system that already were being tracked on a less formal basis. The quality manual was rewritten to make it correspond to the requirements of the revised standard. "I think the new standard has benefited us because it provides more of a structured approach to process improvement," says Shimp. "There are more metrics that we're looking at that govern more processes around the company. It provides [management] more visibility to process performance and needed improvements." LeCroy Corp., Chestnut Ridge, N.Y., which develops and manufactures digital oscilloscopes, only achieved certification to the 1994 quality standard in January of last year. The company decided to pursue the latest version in order to put LeCroy ahead of the curve, and because management perceived that the new requirements would further focus the company on customer satisfaction and on how executives manage at both business and strategic levels. The act of preparing for the ISO 9001:2000 registration, which LeCroy formally achieved on the day the final standard was published, helped it break down walls and eliminate some narrow functional processes. "We put a lot of emphasis on integrating processes end-to-end, which came in very handy for us because we are in the process of implementing an end-to-end worldwide ERP system," observes Luis Boza, vice president of corporate quality. Boza emphasizes that the requirements in the 1994 version of the standard -- which establishes basic discipline in design and development, purchasing, control of instrumentation and equipment, manufacturing, and service -- have not been deemphasized; rather, they have been lumped together in the product-realization section of the new standard. "It's still there. Without it, there's nothing you can do in management processes." The early adopters of ISO 9001:2000 are those most likely to benefit from it. The deadline for all currently registered companies to update their quality-management systems is still almost three years away. Industry observers say that as Dec. 15, 2003, draws nearer a significant number of companies may decide to drop certification altogether. Companies will evaluate their internal costs, the amount they pay their registrar, and decide that the return on investment just isn't there. They could even choose to hire unaccredited registrars and simply maintain their conformance to the 1994 standard after the official deadline for upgrading has passed. It will depend on what the market accepts. Starting Point Even for those companies that do choose to upgrade, just as with the 1994 version, registration itself will not be a competitive advantage. ISO 9001:2000 is more of a starting point. ISO delegate West describes the basic quality-management system as the base of a pyramid. At the top are the Malcolm Baldrige National Quality Award in the U.S. or the European Quality Award. From this perspective, lean-manufacturing initiatives and Six Sigma techniques are vertical tools that can help organizations bridge the gap to the top. ISO 9004:2000 is another such tool. The document offers guidelines for performance improvements above the basic requirements in ISO 9001:2000. According to West, who participated in the revision process, the idea was to conceptually link the requirements document to the operational-excellence models. ISO itself advises on its Web site that organizations should not adopt ISO 9001 unless conformity to the standards will help them achieve better business results. On this point you'll get no argument from critics like John Seddon of Vanguard Consulting, Buckingham, England, who wrote In Pursuit of Quality: The Case Against ISO 9000 (1997, Oak Tree Press). "I believe that even with the revision, ISO 9000 is essentially bad for business because it makes you do things that make you worse, and stops you from seeing things you should see if you want to be better," says Seddon. After telling clients to avoid the standard if they can, he advises those who must adopt ISO 9000 to use what he calls a "systems" approach that is more in line with the Toyota Production System and lean principles. Because the new standard is less prescriptive, it allows those companies seeking registration to be more creative in the way they meet the requirements, and to follow an approach like the one advocated by Seddon. Manufacturers do have a choice. All ISO standards are voluntary by definition. Companies that are forced to comply should take comfort in the fact that ISO 9001:2000 offers a better model than its predecess or for helping an organization focus on the needs of customers, and improve their operations.